def test_auth_verify(self):
msg = b'Anybody can invent a cryptosystem he cannot break himself. Except Bruce Schneier.'
key1 = libnacl.utils.salsa_key()
key2 = libnacl.utils.salsa_key()
sig1 = libnacl.crypto_auth(msg, key1)
sig2 = libnacl.crypto_auth(msg, key2)
self.assertTrue(libnacl.crypto_auth_verify(sig1, msg, key1))
self.assertTrue(libnacl.crypto_auth_verify(sig2, msg, key2))
with self.assertRaises(ValueError) as context:
libnacl.crypto_auth_verify(sig1, msg, key2)
self.assertTrue('Failed to auth msg' in context.exception.args)
with self.assertRaises(ValueError) as context:
libnacl.crypto_auth_verify(sig2, msg, key1)
self.assertTrue('Failed to auth msg' in context.exception.args)
def encode_auth(cls, message, key, footer=b''):
prefix = cls.version + b'.auth.'
mac = libnacl.crypto_auth(pre_auth_encode([prefix, message, footer]),
key)
without_footer = prefix + base64.urlsafe_b64encode(message + mac)
if footer:
return without_footer + b'.' + base64.urlsafe_b64encode(footer)
else:
return without_footer
def generate_diffie_shared_secret(self, dh_received, key=None):
if key is None:
key = self.key
tmp_key = self.generate_key("curve25519")
y = tmp_key.key.sk
Y = tmp_key.key.pk
shared_secret = libnacl.crypto_box_beforenm(dh_received, y) + libnacl.crypto_box_beforenm(dh_received, key.key.sk)
AUTH = libnacl.crypto_auth(Y, shared_secret[:32])
return shared_secret, Y, AUTH
def test_auth_rejects_wrong_lengths(self):
msg = b'Time is an illusion. Lunchtime doubly so.'
for bad_key in (b'too short', b'too long' * 100):
with self.assertRaises(ValueError) as context:
libnacl.crypto_auth(msg, bad_key)
self.assertEqual(context.exception.args, ('Invalid secret key',))
